Polycom 2000/4000 Saw User Manual


 
Polycom RMX 2000/4000 Administrator’s Guide
H-7
Creating the Security (TLS) Certificate in the OCS and
Exporting the Certificate to the RMX Workstation
To work in Microsoft R1 and R2 environment or when encryption of SIP
signaling is used, the SIP server and the RMX Transport Type must be set
to TLS and a certificate must be created and sent to the RMX.
In this scenario, a video conference is scheduled on a Polycom MCU and it
includes predefined participants; Office Communicator and other SIP and
non-SIP users. At the scheduled time the conference is activated and the
MCU automatically dials out to the predefined participants and connects
them to the conference.
To enable the TLS transport, certificate files rootCA.pem, pkey.pem and
cert.pem must be sent to the RMX unit. These files can be created and sent
to the RMX in two methods:
• The files rootCA.pem, pkey.pem and cert.pem are provided by a
Certificate Authority and are sent independently or together with a
password file to the RMX. This is the recommended method.
Alternatively, the TLS certificate files are created internally in the
OCS and exported to the RMX workstation from where the files can
be downloaded to the RMX. If the certificate is created internally by
the OCS, one *.pfx file is created. In addition, a text file containing the
password that was used during the creation of the *.pfx file is
manually created. Both files can then be sent from the RMX
workstation to the RMX unit. When the files are sent to the RMX, the
*.pfx file is converted into three certificate files: rootCA.pem, pkey.pem
and cert.pem.
Sometimes, the system fails to read the *.pfx file and the conversion
process fails. Resending *.pfx file again and then resetting the system
may resolve the problem.
To create the TLS certificate in the OCS:
1 In the OCS Enterprise Pools tree, expand the Pools list and the server
pool list.
If a Load Balancer is used in Microsoft R1environment, the transport type may
be set to TCP or TLS.